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REMARKS IN SUPPORT OF 
THE PRE-APPEAL BRIEF REQUEST FOR REVIEW 

Dear Sir: 

In response to the Final Office Action mailed on October 1 8, 2006 (hereinafter, "the Final 
Office Action"), Applicants file herewith a Notice of Appeal and a Pre- Appeal Brief Request for 
Review and request review of the following issues: 

7. Claims 7, 3-75, 75, and 1 7-27 Are Allowable Over Douglas and Mann 
Applicants traverse the rejection of claims 1, 3-13, 15, and 17-27 under 35 U.S.C.§103(a) 
over U.S. Patent Publication No. 2004/0049693 ("Douglas") in view of U.S. Patent No. 
6,081,894 ("Mann") at page 3 of the Final Office Action. The Final Office Action acknowledges 
that Douglas does not disclose or suggest, in response to detecting an intrusion event, isolating at 
least one network interface from a computer network and taking a host system down to a single 
user state so that access to the host computer system is limited to physical access at the host 
computer system, as recited by independent claims 1 and 15. 
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The Final Office Action asserts that Mann discloses this feature, citing Mann at col. 3, 
lines 2-5. However, Mann discloses that the data sending entity is isolated from the data 
receiving entity without disrupting normal operation of either entity. See Mann^ col. 2, lines 30- 
32 (emphasis added). At the section referenced by the Final Office Action, Mann states: 

When a virus is detected, a data isolator 60, that is responsive to a control signal 
42 from the data comparator 40, isolates the first data channel 22 from the second 
data channel 32. Thus, viruses are detected and prevented from being received by 
the data receiving entity 30. 

Mann, col. 3, lines 2-5. Thus, the data isolator of Mann resides between the data receiving entity 
(e.g., personal computer or local area network) and the data sending entity (i.e. the internet). See 
Mann, col. 2, line 61 through col. 3, line 7. 

Applicants note that claims 1 and 15 recite "operating the host computer in a multi-user 
mode" and "a host computer system to operate in a multi-user mode," respectively. 
Additionally, independent claims 1 and 15 recite "in response to detecting the intrusion event, 
isolating the at least one network interface from the computer network and taking the host 
computer system down to a single user state so that access to the host computer system is limited 
to physical access at the host computer system." The "single user state" is a different state from 
normal operation ("multi-user mode"). Thus, Mann does not disclose or suggest taking the host 
computer system down to a single user state, as recited by independent claims 1 and 15. 

The Final Office Action states: 

When the first data channel is isolated from the second data channel, it is obvious that the 
two entities are isolated from each other. Because there are only two entities and they are 
isolated from each other, it is clear that both entities are in single user states. 

The Final Office Action, p. 2. 

The assumption that "it is clear that both entities are in single user states" is incorrect and 
not applicable, since the receiving entity was never indicated to be in a multi-user state. 
Moreover, the data sending entity is indicated to be the Intemet (See Mann, col. 2, lines 62-63), 
so it is unclear how the data sending entity could ever be reduced to a single user state. 
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Further, Mann discloses that the isolation is provided without disrupting normal 
operation. See Mann, col. 2, lines 30-32. In direct contrast, claims 1 and 15 recite 'taking the 
host computer system down to a single user state." Ahering the state of the device from a multi- 
user state to a single user state is a disruption of normal operation. Thus, Maim teaches away 
from claims 1 and 15. 

Moreover, Mann discloses that the data receiving entity may be a personal computer or a 
local area network. See Mann, col. 2, lines 63-64. Maim provides no indication that the personal 
computer operates in a multi-user mode and provides no indication that the data isolator is 
adapted to take the receiving device down to a single user state. When the receiving device is a 
local area network, it is unclear how the local area network may be reduced to a single user state 
without disruption of normal operation. Further, Mann does not disclose or suggest any direct 
action taken with respect to the data receiving entity. Instead, Mann discloses that the data 
isolator isolates the data receiving entity by isolating a first data channel (extending from the 
data sending entity to the data isolator) from a second data channel (extending from the data 
isolator to the data receiving device). See Mann, Abstract, and col. 2, line 61 through col. 3, line 
5. 

Thus, Mann does not disclose or suggest "taking the host computer system down to a 
single user state," as recited by claims 1 and 15. Therefore, Mann fails to overcome the 
deficiencies of Douglas, and the asserted combination of Douglas and Mann fails to disclose or 
suggest each and every element of independent claims 1 and 15, and of dependent claims 3-13 
and 17-27, at least by virtue of their dependency from one of claims 1 and 15. At least for the 
foregoing reasons, the rejection of claims 1, 3-13, 15, and 17-27 should be withdrawn. 

2. Claim 14 Is Allowable Over Douglas and Mann 

Applicants traverse the rejection of claim 14 under 35 U.S.C. § 103(a) over Douglas in 
view of Mann at pages 3 and 6 of the Final Office Action. None of the cited references, alone or 
in combination, recite the particular arrangement of features recited by independent claim 14. 
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Claim 14 recites in response to detecting the intrusion event, the method includes issuing 
an IFCONFIG down command to the at least one network interface to isolate the at least one 
network interface from the computer network, issuing an INITl command to an operating system 
of the host computer system to take the host computer system down to a single user state, and 
writing a log of the intrusion event to a log database that is not located on the second computer 
system. 

The Final Office Action rejects claim 14 over Douglas and Mann as applied to claims 1-8 
and 10. See the Final Office Action^ p. 6. As previously discussed, Douglas fails to disclose or 
suggest, in response to detecting an intrusion event, taking the host computer down to a single 
user state. Also, as previously discussed, Mann provides no indication that the personal 
computer operates in a multi-user mode and provides no indication that the data isolator is 
adapted to take the receiving device down to a single user state. Moreover, Mann does not 
disclose or suggest issuing an INITl command to an operating system of the host computer 
system to take the host computer system down to a single user state, as recited by claim 14. 
Instead, Mann provides isolating by isolating the first data channel from the second data channel. 
See Mann, Abstract, and col. 2, line 61 through col. 3, line 5. Thus, the asserted combination of 
Douglas and Mann fails to disclose or suggest at least one element of independent claim 14. 
Therefore, the rejection of claim 14 should be withdrawn. 

CONCLUSION 

Applicants have pointed out specific features of the claims not disclosed, suggested or 
rendered obvious by the references applied in the Final Office Action. Accordingly, Applicants 
respectfully request reconsideration and withdrawal of each of the objections and rejections, as 
well as an indication of allowability of each of the claims now pending. 
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The Commissioner is hereby authorized to charge any fees, which may be required, or 
credit any overpayment, to Deposit Account Number 50-2469. 



Respectfully submitted. 

Date Jeftfey G. Toler, Reg. No. 38,342 

Attorney for Applicant(s) 
TOLER SCHAFFER, L.L.P. 
5000 Plaza On The Lake, Suite 265 
Austin, Texas 78746 
(512) 327-55 15 (phone) 
(512) 327-5575 (fax) 
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